June 14, 2013

Yahoo was forced to become a member of the National Security Agency’s PRISM program after receiving an order from the U.S.’s top-secret court, a new report by The New York Times has revealed.

Yahoo refused to comply with the U.S. government’s warrantless request to help it spy on foreign users and, in 2008, sent its lawyers to do battle with the U.S. Foreign Intelligence Surveillance Court (FISC).

The court said Yahoo’s concerns were “overblown,” adding that “incidentally collected communications of non-targeted United States persons do not violate the Fourth Amendment.”

Yahoo “presented no evidence of actual harm, any egregious risk of error, or any broad potential for abuse,” the court said in its ruling, adding that “where the government has instituted several layers of serviceable safeguards to protect individuals against unwarranted harms and to minimize incidental intrusions, its efforts to protect national security should not be frustrated by the courts.”

The court concluded by saying it did not arrive at its decision lightly.

“We caution that our decision does not constitute an endorsement of broad-based, indiscriminate executive power. Rather, our decision recognizes that where the government has instituted several layers of serviceable safeguards to protect individuals against unwarranted harms and to minimize incidental intrusions, its efforts to protect national security should not be frustrated by the courts. This is such a case. We need go no further. The decision granting the government’s motion to compel is affirmed; the petition for review is denied and dismissed; and the motion for a stay is denied as moot.”

This left Yahoo with only two options: supply the desired information to the feds or face charges.

The matter, unsurprisingly, was kept very hush-hush. The only details of the battle to be made public were contained in a heavily redacted court order. Even Yahoo’s name was hidden from the document.

Although Yahoo declined to discuss the issue with The Times, the search engine firm’s involvement was confirmed by two sources with “knowledge of the proceedings.”

PRISM, a top-secret NSA program that supposedly monitors virtually every form of online communication available, came to light courtesy of whistleblower and former NSA contract work Edward Snowden after he collected classified material to hand over to U.K. newspaper The Guardian and The Washington Post.

According to documentation — a 41-page presentation — obtained by The Post, the monitoring campaign, dubbed PRISM, costs $20 million a year to run. The documentation seemed to indicate the technology companies named in the lawsuit gave the NSA access to their servers, handing over such things as e-mails, video and voice chats, videos, photos, stored data, VoIP, file transfers, video conferencing, notifications of activity, online social networking details and special requests.

Despite reports the Internet companies had voluntarily joined the program, it has since come to light that the leaked PowerPoint document may, in fact, have been misunderstood by The Post and The Guardian.

Many of the companies have posted online responses, saying they only hand over data when forced by a court order or a National Security Letter.

Yahoo general counsel Ron Bell, in a blog post last week, called claims that Yahoo had voluntarily joined the PRISM program “false.”

The following is an excerpt from his post:

Yahoo has not joined any program in which we volunteer to share user data with the U.S. government. We do not voluntarily disclose user information. The only disclosures that occur are in response to specific demands. And, when the government does request user data from Yahoo!, we protect our users. We demand that such requests be made through lawful means and for lawful purposes. We fight any requests that we deem unclear, improper, overbroad, or unlawful. We carefully scrutinize each request, respond only when required to do so, and provide the least amount of data possible consistent with the law.

The notion that Yahoo gives any federal agency vast or unfettered access to our users’ records is categorically false. Of the hundreds of millions of users we serve, an infinitesimal percentage will ever be the subject of a government data collection directive. Where a request for data is received, we require the government to identify in each instance specific users and a specific lawful purpose for which their information is requested. Then, and only then, do our employees evaluate the request and legal requirements in order to respond—or deny—the request.